Information Commissioner’s Office 


Senior Leadership Team — for decision 


Meeting agenda title: Regulatory Delivery Board (RDB) Terms of 
Reference 


Meeting date: 26 April 2022 
Time required: 5 minutes 
Presenter: Chris Braithwaite 


i Objective and recommendation 


1.1. This report provides SLT with proposed updates to the terms of 
reference for RDB. These were reviewed and endorsed by RDB at 
their meeting on 16 March 2022. SLT is asked to approve the 
updated ToRs. 


2. Developing a common understanding 


2.1. As RDB has its delegated authority from SLT, any updates to the 
ToRs need to be approved by SLT. 


Matters to consider to achieve objective 


3.1. RDB held an away day on 14 February 2022, at which there was 
significant discussion about RDB’s objectives, how it operates, and 
how it delivers its work programme. 


3.2. |The discussion led to re-consideration of the role of RDB. The ToRs 
are currently focused on business planning and KPIs, but these are 
covered through the business planning and challenge processes. 
The appetite at the away day was for RDB to focus on ensuring the 
structures are in place to deliver our most significant regulatory 
activities. This particularly includes the regulatory posture, 
regulatory design, and oversight of key regulatory strategies. 


3.3. As a result, the terms of reference have been redrafted to reflect 
this role. Primarily, this has meant amendment to section 2 of the 
ToRs (responsibilities) to remove references to oversight of 
business planning, KPIs and similar, and adding references to 
oversight of delivery of regulatory strategy. 


3.4. At the Away Day, there was some discussion about whether RDB 
should have a role in decision-making on these issues, or whether 
it should be more about providing challenge and strategic 
direction, with decisions made by individual Directors or Exec 
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Directors following this challenge. James Dipple-Johnstone, 
Stephen Bonner and Steve Wood have discussed this and agreed 
that RDB should strike a balance here between having oversight 
and challenge of strategic direction, but also continue to take 
decisions on specific strategic issues which effect the ICO’s 
approach to regulatory delivery. The terms of reference have been 
drafted with that in mind. 


3.5. It remains the case that RDB does not have any decision-making 
on specific cases. 


Author: Chris Braithwaite 


List of Annexes: Annex 1 - Updated RDB ToRs (a version showing 
tracked changes can be provided by Corporate Governance) 


Publication decision: This report can be published internally and 
externally. 


Outcome reached: 
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1CO. 


Information Commissioner's Office 


Regulatory Delivery Board Terms of Reference 


iy 


1.1. 


1.2. 


1.3. 


Purpose 


The overall purpose of the SLT Boards is to deliver SLT’s purpose of 
strategic oversight and delivery of cross-office priorities and plans. 
The Boards were created to ensure that sufficient capacity within 
these meetings for consideration, challenge, and scrutiny to deliver 
SLT’s collective role. 


The role of the Regulatory Delivery Board (RDB) is to oversee, 
direct and coordinate the ICO’s work to deliver its regulatory 
functions, in line with the strategic direction set by the Management 
Board. 


The RDB will not take any decisions as to individual cases; these will 
be taken by the respective staff members in line with the 
Commissioner's scheme of delegations, with advice from the 
Regulatory Panel where sufficiently significant. 


Responsibilities 
The RDB is responsible for decisions and oversight on: 
e The ICO’s regulatory posture to align to the strategic direction. 


e The regulatory design of the ICO to deliver the strategic 
direction set by Managment Board.Delivery of the Regulatory 
Action Policy (and related statutory guidance), International 
Strategy, Technology Strategy, FOIA/EIR strategy, Intelligence 
Strategy, and the performance and quality KPIs associated with 
our front-line and customer services. 


e Delivery of strategic regulatory issues, particularly those which 
span multiple ICO directorates. 


e Prioritising the use of resources across our regulatory activities, 
referring issues to Resources Board, SLT or Executive Team 
where necessary. 


e The decision-making structure within the regulatory space which 
is necessary to support the delivery of regulatory activities. 


e Operational manuals to deliver our regulatory activities. 


5.2 


e Ensuring appropriate design and implementation of succession 
planning arrangements relating to regulatory activities. 


e Oversight of delivery of the ICO’s risk appetite in regulatory 
activities. 


e Delivery of our regulatory EDI outcomes. The RDB will refer 
issues to the EDI Board as appropriate, and consider issues 
referred to it by the EDI Board. 


e Delivery of regulatory activity with the Digital Regulators’ 
Cooperation Forum. 


Work Programme 


The RDB will maintain a work programme which sets out its 
expected activities to meet these responsibilities for the next 12 
months. The RDB will consider this work programme at each 
meeting. Corporate Governance will keep this work programme up 
to date based on the information provided by RDB members. 


Authority 


The RDB’s authority derives from ET and SLT. Where work of the 
Board is materially contributing to achieving ET’s goals, the Board 
will report this to ET for assurance. Where the work of the Board 
introduces a significant risk to achieving ET’s goals, the Board will 
refer that to the relevant ET member, who may refer this to ET for 
decision. ET’s goals are provided as an annex to these Terms of 
Reference. The RDB will also provide assurance to the Management 
Board, through regular updates via the IRSP report. 


Links to other bodies 


The RDB will receive reports from any other governance group as 
appropriate, and will also refer reports to other groups as 
appropriate. 


Senior Leadership Team 


The Chair of the RDB will provide a report on the RDB’s activities to 
each meeting of SLT. This includes highlighting any issues to be 
discussed at future Board meetings, to facilitate advanced 
consultation. The RDB’s work programme will also be provided to 
each SLT meeting for information. The RDB may also receive 
reports which have been considered by SLT, where appropriate. 


5.3 


5.4 


5.5 


5.6 


5.7 


5.8 


5.9 


Where required, other members of the RDB may attend SLT 
meetings to provide information or input from the RDB. 


Other Boards 


The RDB will work collaboratively with the other Boards as 
appropriate, ensuring that views of other Boards are considered 
when the RDB exercises its responsibilities, and understanding that 
other Boards will act similarly in considering the RDB’s views. This 
may happen at an informal level between Board Chairs or Board 
members. 


The Resources Board will highlight issues to SLT or refer issues to 
other Boards for information where it is clear that another Board 
should be aware of the work of the Resources Board. 


There is no overlap between the roles of the Boards. However, in 
exceptional circumstances, there may be issues where approval is 
required by more than one Board before action can be taken. This 
should be avoided wherever possible through discussion between 
Board chairs and consultation between Board members. However, 
where this is unavoidable, the same report should be reframed and 
presented to both Board meetings, with a clear recommendation on 
the specific decision needed from each Board. Outcomes from one 
Board will be reported to the other Boards. Corporate Governance 
will facilitate this process. 


In the event of a conflict between two Boards, the Chairs should 
meet to determine the way forward and inform Corporate 
Governance accordingly. If conflict remains, the matter should be 
referred to SLT for decision. 


Programmes 


The RDB may be responsible for the delivery of a range of 
programmes. These will be delivered through a separate 
programme board, but as required this programme board will report 
to the RDB to ensure appropriate oversight. 


Executive Team 


The RDB may refer issues to ET where they require clarity, direction 
and approval in areas of greatest corporate risk or opportunity. 


7.2 


7.3 


Chair 


The RDB is chaired by the Chief Regulatory Officer. When the chair 
is unavailable for a meeting, they will nominate a substitute to chair 
the meeting in their absence. 


Composition 

The RDB comprises: 

e Chair: Deputy Commissioner (Chief Regulatory Officer) 
e Deputy Commissioner (Regulatory Futures and Innovation) 
e Deputy Commissioner (Regulatory Strategy) 

e Director of Data Protection Complaints & Public Advice 
e Director of Digital, IT and Business Services 

e Director of Regulatory Futures 

e Director of Freedom of Information and Transparency 
e Director of High Priority Inquiries & Intelligence 

e Director of International 

e Director of Investigations 


e Director of People and Workforce Planning (or their 
representative) 


e Director of Regulatory Assurance 

e Director of Technology and Innovation 

e Director of Operation Chandra 

e Director of Economic Analysis and Regulatory Portfolios 
e Director of Regulatory Design 

e Director of Cyber Regulation 

e Director of Legal Services (Regulatory Enforcement) 

e Head of Knowledge Services (or their representative) 


Private Secretaries to the Executive Team members involved in the 
Board will attend all meetings. 


The Chair may amend this membership as required. They will report 
this to the next meeting of the Board when doing so, including the 
reasons for the change in membership. Corporate Governance will 
then update the Terms of Reference. 


7.4 


7.5 


9.2 


10. 
10.1 


10.2 


10.3 


11. 


Department Heads within Regulatory Supervision Service and 
Regulatory Futures and Innovation Service will attend each meeting 
as observers, on a rota basis. 


The Chair may also invite any other ICO staff to RDB meetings as 
required. This may include Chairs of other Boards, where an issue 
with crossover to that Board's area of responsibilities is due to be 
discussed. 


Quorum 
The quorum is: 
e The Chair (or their nominated substitute); and 


e At least five other members. 
Information requirements 


All RDB members are responsible for ensuring that appropriate 
information is provided to the RDB to complete its responsibilities, 
including appropriate consultation to ensure that all potential 
impacts are considered before decisions are made.. The Chair is 
ultimately responsible for determining what information is required. 


Following each meeting, a short communication will be sent to all 
Department Heads within Regulatory Supervision Service and 
Regulatory Futures and Innovation Service, to highlight the key 
decisions from the meeting. 


Considering reports by email 


In the event that an urgent decision is required between meetings, 
the RDB may consider reports by correspondence, particularly those 
reports not likely to require significant discussion. Corporate 
Governance will facilitate this. 


Any reports considered on this basis must receive sufficient 
responses to constitute the quorum for a RDB meeting. RDB 
members will usually be given one week to consider reports 
circulated by email, but if a clear consensus emerges before that, 
the decision may be implemented sooner. If significant discussion is 
required, the report should be referred to the next Board meeting. 


Corporate Governance will provide a report to each RDB meeting on 
any matters considered by email, the comments received and the 
outcome of the consideration. 


Budget 


12, 
12.1 


13; 
13.1 


14. 
14.1 


14.2 


14.3 


15. 
15.1 


15.2 
16. 
16.1 


The RDB has no specific budget. Any work commissioned by the 
RDB will be funded from budgets within the relevant Directorate(s), 
or funded through an approved business case where necessary. This 
should be exercised in accordance with all other ICO budget 
controls. 


Secretariat 
Secretariat is provided by the Corporate Governance Team. 
Frequency of meetings 


The RDB will meet at least once a month. The group may meet 
more frequently, either with approval of the Chair or, in the Chair’s 
absence, at the request of at least 4 Board members. 


Evaluation 


On an annual basis (or more frequently if required), SLT will review 
the ICO's corporate governance structure to ensure that it remains 
appropriate. The RDB should ensure that arrangements are in place 
to enable it to feed in to this review and satisfy itself that it is 
discharging its responsibilities effectively and efficiently. 


In order to achieve this, the RDB will undertake a bi-annual review 
of its performance against the agreed forward plan, in order to 
evaluate its effectiveness and areas of improvement. A copy of this 
report will be provided to SLT. 


The RDB should also periodically review the format and quality of 
reports submitted to them and provide feedback on good practice 
and areas of improvement to management teams. 


Publication of papers 


The agenda for each meeting will be published internally via 
SharePoint. The minutes will be published internally via SharePoint, 
once approved. Reports will be published internally via SharePoint 
where deemed appropriate by report authors. 


Agendas, minutes and reports will not be published externally. 
Links to other forums 


The Board's place in the overall governance structure is set out in 
the diagram below. 
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Annex — Executive Team goals 


e Position of the organisation as the information rights regulator - 
setting the vision and mission and ensuring that all activities, either 
directly or indirectly, contribute towards it. Long-term horizon 
scanning, ensuring the strategic direction is based on a collective 
understanding of policy issues; using outside perspective to ensure 
that the ICO is challenged on its outcomes and understanding the 
perspective of others, in particular the regulated community and the 
public. 


° Setting the tone and culture of the ICO - setting the ICO’s risk 
appetite and ensuring controls are in place to manage risk; agreeing 
and monitoring the ICO’s people related strategies and plans, 
monitoring the organisation’s compliance culture and ensuring there 
is a clear vision for the way the ICO works and understanding of its 
values. 


e Ensuring the ICO has the capacity and capability it needs - 
determining sign-off of large operational projects or programmes; 
ensuring sound financial management; scrutinising the allocation of 
financial and human resources to achieve the plan and ensuring 
organisational design supports attaining strategic objectives. 
Evaluation of the Board and its members and succession planning to 
ensure the ICO has the capability to deliver and to plan to meet 
current and future needs. 


Defining the perception of the ICO - agreeing plans and strategies; 
setting objectives for strategic engagement activities; driving the ICO 
to be an effective, modern, independent regulator. 


Monitoring the performance of the ICO towards achieving its strategic 
goals - ensuring clear, consistent, comparable performance 
information is used to drive improvements and demonstrate the 
impact of the work of the organisation. Monitoring and steering 
performance against plan; scrutinising performance and setting the 
ICO’s standards and values, holding the Executive to account for 
delivery of its plans and strategies. 


